Receiver-Deniable Public-Key Encryption Is Impossible

A receiver-deniable public-key cryptosystem is a public-key cryptosystem where the receiver can change her secret key as to make it look like a given ciphertext decrypts to some message different from what it really decrypts to. This is a notion introduced to allow to deny a message exchange and hence combat coercion. A measure of the security of such a scheme is how indistinguishable the faked secret key is from a real secret key. The authors prove that it is impossible to build receiver-deniable public-key cryptosystem with better than inverse-polynomial security.